Heads Of State On NSO Spyware List

French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the Israeli spyware firm NSO GroupPresident Macron has had to change his phone and phone number because Pegasus spyware, most probably targeted him, a French government official said. Ironically, Macron has recently held an emergency meeting on cyber security at the Élysée Palace. 

New evidence uncovered by a consortium of investigative journalists, collectively known as the 'Pegasus Project' has revealed that the phone numbers for heads of state, including President Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as hundreds of government officials, were selected as 'people of interest' by clients of spyware company NSO Group.  

Other potential targets found on a list of 50k phone numbers leaked to the charity Amnesty International include Barham Salih of Iraq, King Mohammed VI of Morocco and three current prime ministers, Imran Khan of Pakistan, Mustafa Madbouly of Egypt and Saad Eddine El Othmani of Morocco.

Amnesty International’s Security Lab has performed in-depth forensic analysis of numerous mobile devices from human rights defenders and journalists around the world. This research has uncovered widespread, persistent and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spywareThirty-seven phones identified in the Pegasus Project investigation were either breached or shows signs of attempted infection.

In Paris, the city's Prosecutor’s Office announced that it too was investigating the suspected widespread use of NSO’s military-grade Pegasus spyware to target journalists, human rights activists and politicians in multiple countries.

The Paris prosecutor’s office said in a statement that it opened an investigation into a raft of potential charges, including violation of privacy, illegal use of data and illegally selling spyware. As is common under French law, the investigation doesn’t name a suspected perpetrator but is aimed at determining who might eventually be sent to trial. It was prompted by a legal complaint by two journalists and investigative website Mediapart. An official in Macron’s office said authorities would investigate Le Monde’s report, and if the targeting is proven, it would be “extremely grave.”

Amnesty International’s Secretary General Agnes Callamard said: “The unprecedented revelation that the phones of at least fourteen heads of state may have been hacked using NSO Group’s Pegasus spyware should send a chill down the spine of world leaders... We have long known that activists and journalists are targets of this surreptitious phone-hacking – but it’s clear that even those at the highest levels of power cannot escape the sinister spread of NSO’s spyware." 

NSO Group can no longer hide behind the claim that its spyware is only used to fight crime, it appears that Pegasus is also the spyware of choice for those wanting to snoop on foreign governments, according to the claims of Pegasus Project invetigators.

“NSO Group must immediately stop selling its equipment to countries with a track record of putting human right defenders and journalists under unlawful surveillance...  The Israeli government should also not authorise licenses for the export of NSO Group’s cyber surveillance technology if there is a substantial risk it could be used for human rights violations.” Callamard, said in a statement.

Another company identified by Amnesty as hosting NSO servers was cloud computing dvelopment firm, DigitalOcean. When contacted by The Associated Press, DigitalOcean neither confirmed nor denied whether it had identified or cut off such servers. “All of the infrastructure outlined in the Amnesty report is no longer on DigitalOcean,” it said in an emailed statement.

The consortium’s findings significantly widen the scope of alleged abuses in which NSO Group has been implicated. Those include the surveillance of friends and relatives of journalist Jamal Khashoggi, who was killed inside the Saudi consulate in Istanbul in 2018, and highlight what critics call the urgent need to regulate global sales of commercial hacking tools. Leading French daily newspaper Le Monde said the phone numbers for Macron and other government members were among thousands allegedly selected by NSO clients for potential surveillance. In this case, the client was an unidentified Moroccan security service, according to Le Monde.

Consortium members said they were able to link more than 1,000 numbers in 50 countries on the list with individuals, including more than 600 politicians and government officials and 189 journalists. The largest share were in Mexico and the Middle East, where Saudi Arabia is reported to be among NSO clients. Also on the list were phone numbers in Azerbaijan, Kazakhstan, Pakistan, Morocco and Rwanda, as well as ones for several Arab royal family members, the consortium reported.

NSO Group has denied that it ever maintained “a list of potential, past or existing targets and Le Monde has quoted NSO as saying the French president was never targeted by its clients. The source of the leak  and how it was authenticated  has not been disclosed.

While a phone number’s presence in the data does not mean an attempt was made to hack a device, the consortium said it was confident the data indicated potential targets of NSO’s government clients.

Multiple lawsuits by alleged victims have been filed against NSO Group including by Facebook over the Israeli firm’s alleged hacking of its WhatsApp application and investigations are under way to determine whether the spyware was actually installed on the phones or whether data was retrieved.

Amnesty International:    France24:   Washington Post:   Guardian:     Marketwatch:   

APNews:   Security Week:      Military.com:      

You Might Also Read: 

Wanted: An International Cyber Security Law

 

« IBM Watson In Demand
The State Of Cyber Security In Healthcare »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TUV Sud

TUV Sud

TÜV SÜD is a leading technical service organisation. We specialize in testing, certification, auditing, training, and advisory services for different industries.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.

aiComply

aiComply

aiComply's AI-driven platform offers automated intelligence for an efficient cybersecurity compliance workflow, eliminating onerous manual and time-consuming paperwork.